Protecting data using Neo4J
This presentation shows how Neo4J can be used to limit access to resources within an identity and access management (IAM) system.
2. DATEV EG
WHO WE ARE AND WHAT WE DO
Cooperative based in Nuremberg
Provide software and services for
Tax consultants
Auditors
Lawyers
Their clients
3. OUR BIGGEST ASSETS
High quality services
All data and services hosted in Germany
Highest security to protect our customers' data
4. WHERE WE COME FROM
In our ecosystem, collaboration happened only between our customers and their clients
We built our own IAM system that fitted our needs
[Diagram: DATEV at the top, two Customers below it, three Clients below the Customers; every edge runs either from DATEV to a Customer or from a Customer to one of its own Clients.]
5. THINGS CHANGE OVER TIME
Customers' clients demanded collaboration with several of our customers
[Diagram: the same hierarchy as before, but the middle Client is now connected to both Customers.]
6. THINGS ARE CHANGING AGAIN
Our customers' clients demand to collaborate with each other and with us directly
[Diagram: the previous graph, plus a direct edge from DATEV to a Client and edges between the Clients themselves.]
7. WHAT WE ARE AIMING FOR
A new IAM system fitting our needs again
Keep our current level of security
Provide secure access to data
Having collaboration built-in
8. OUR SOLUTION
Access management with multiple lines of defense
1. Relationship-based access control
2. Policy-based access control
3. Extensible for future requirements
9. RELATIONSHIP BASED ACCESS CONTROL
Simply check if the authenticated user has a directed relationship to the data she wants to access.
10. TERMS OF OUR GRAPH
Accounts which interact with the system
Entities for which data is stored
Relationships between accounts and entities
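The relationship check from slide 9 expressed over the graph terms of slide 10, as an added Cypher example that is not part of the DATEV deck: the labels Account and Entity, the relationship type CAN_ACCESS, the property names and the sample ids are all assumptions made here for illustration.

```cypher
// Constructed sample graph (assumed labels, relationship type and ids).
// Unique ids keep two nodes from sharing an identifier and so from
// silently widening someone's access.
CREATE CONSTRAINT account_id IF NOT EXISTS FOR (a:Account) REQUIRE a.id IS UNIQUE;
CREATE CONSTRAINT entity_id  IF NOT EXISTS FOR (e:Entity)  REQUIRE e.id IS UNIQUE;

CREATE (alice:Account {id: 'acc-alice'}),
       (bob:Account   {id: 'acc-bob'}),
       (c1:Entity {id: 'client-1', name: 'Client 1'}),
       (c2:Entity {id: 'client-2', name: 'Client 2'}),
       (alice)-[:CAN_ACCESS]->(c1),
       (alice)-[:CAN_ACCESS]->(c2),
       (bob)-[:CAN_ACCESS]->(c2);

// Relationship-based check: does the authenticated account have a
// directed CAN_ACCESS relationship to the requested entity?
// $accountId comes from the verified session, $entityId from the request;
// both are bound as parameters, never concatenated into the query text.
MATCH (a:Account {id: $accountId})
OPTIONAL MATCH (a)-[r:CAN_ACCESS]->(e:Entity {id: $entityId})
RETURN r IS NOT NULL AS allowed;
// accountId='acc-bob', entityId='client-2' -> allowed = true
// accountId='acc-bob', entityId='client-1' -> allowed = false
// The pattern is directed: an edge (e)-[:CAN_ACCESS]->(a) would not grant access.
```

If the account id itself is unknown the first MATCH yields no row at all, so the caller must treat "no row" exactly like `allowed = false` (fail closed).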
12. WHERE TO GO FROM HERE
More detailed content nodes, to achieve:
Higher scalability of granularity
Higher flexibility in constraining access